Categories
Articles Legal News Technology Web Security

A New Virus, Suspected Variant of ‘Ramnit’ Malware Family, Spreads Fast in Indian Cyber Space

A new virus has been found to be “spreading widely” in the Indian cyberspace. The said virus  is a  suspected variant of malware family called ‘Win32/Ramnit’ and steals bank account details and passwords of the user once it is clicked.

Ramnit worm spreads by infecting or modifying files existing on target systems such as (EXE, dll or html) and creating a new section so as to modify the entry point to that section.

The malware steals credentials like file transfer protocol passwords, bank account logins, infects removable media, changes browser settings and downloads and executes arbitrary files.

The virus so is extremely deadly and potent because of two facts:

  • It has ability to hide itself from anti-virus solutions and acquires various aliases to attack a genuine system or Internet-based connection which works to play emails and other user services.
  • It infects the removable media by copying itself to its recycle bin and creates an autorun.inf file.

Once the system is infected, the malware injects its code into windows executable  html files or dlls to communicate with its command and control server, thereby compromising the security of the online system.

Counter Measures in this regard:

  1. Users should not download and open attachments in emails received from untrusted users or unexpectedly received from trusted users.
  2. One should exercise caution while visiting links to web pages and not visit untrusted websites.
  3. Enable firewall at desktop and gateway level and disable ports that are not required.
  4. Avoid downloading pirated software.
  5. Keep up-to-date patches and fixes on the operating system and application softwares.
  6. Keep up-to-date anti- virus and anti-spyware signatures at desktop and at gateway level.

Law Perspective:
If any person, without permission of the owner or any other person who is in charge of a computer, computer system of computer network, downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network, he is guilty under Section 43(b) of  the amended Information Technology Act, 2000.

Spreading of virus is  a cognizable crime under the section 43(c), which  imposes compensation for unauthorized introduction of computer contaminants or computer virus.  Since section 43 does talk on the exact amount of compensation, one remains on mercy of Courts and intelligence of lawyers, because data being intangible asset, the worth can run into millions or trillions of denominations.

Spreading of virus is also  a cognizable crime  under  section 66 of The IT Act, 2000 in India. It attracts up to 3 Years of imprisonment or up to Rs. 5 Lakhs of fine or both.

Categories
Articles Hosting News Start-Ups Web Hosting Website Development

How to choose a Good Web Host- 6 Most Important Factors

Make a Google search for online reviews of the web hosting provider you’re considering for your website and you’ll realize one thing before even making your website live for the first time- There is no single web host with unanimously positive reviews out there. Not even those who charge humongous price for their services. Ask any three customers who have used the same Web hosting company and chances are very high that you’ll get extremely different opinions. Why?

Because there is no such thing as a ‘Perfect Webhost’. Every web host has it’s own pluses and minuses; what matters is how good it is for you-and that totally depends on the kind of website you want to host and the kind of services you need. To help you find the right web hosting provider for your website here are some of the most vital features you should look for.

Know yourself. Decide what you want.
There are a gazillion web hosts out there and each one of them has their own characteristics. So to take the first step, think of your requirements- what do you want from a web host? What is your budget? What can you afford- a high, medium , or low price hosting? What kind of support do you need from the web host? Do you want a website only to have fun and share ideas with your family/friends or you want one for your business? Free web hosts will be fine to have fun, but if you want a website for business, you need quality, and for quality, you need money. After all, you cannot expect top-notched support if you only pay around 7$ a month.

If you’ve a small businesses which attracts relatively light traffic and sales , you should go for shared web hosting. If you run an ecommerce business, you may want to check out a Virtual Private Server. And if you’ve a high traffic ecommerce site that gets heavy traffic and does thousands of dollars of business per month, dedicated hosting is the way to go. This infographic will give you a better idea on the type of web hosing service that is best suitable for you.

Also, don’t forget to weigh your wallet before making a final decision. If your purse strings are drawn tight, go for the most economical option, because expensive doesn’t necessary mean good.

Customer Service
As I said before, all web hosting companies are more or less the same- their real litmus test is their ability to put things back in place when they go haywire. An ideal Web hosting company provides good, fast, reliable customer service, 24/7, via email, telephone and live chat.

But then again, every company will say it does. So how do you know which one to trust? Take them for a test drive. Call their help desk and see how long you’re kept on hold, what’s the quality of online chat, how knowledgeable and friendly their staff is and how much their response time is for emails. Go for a web hosting provider you can call at 3 in the night and expect to have your problems rectified.

How is their interface?
You don’t want to find yourself your host every time you want to add/change something on your website. You should be able to manage all the facets of your site at a single place, and for that, you need a good online management system. Every single company out there offers at least a month of trial period (if they don’t, it’s a red flag). So before you buy, see how comfortable you feel with their user interface, control panel etc. And as I said before, you cannot expect to make changes to your website yourself if you wish to pay only 6-7 $ a month.

Uptime and backup

Do your Research-Make sure you don’t run in a similar situation.

A decent web hosting company should promise a certain level of uptime- the minimum being 99.5% . And incase it fails to deliver it, there should be some sort of refund. This puts at least a little onus on the company to make sure that their servers are up and running.

You should also check how often the Web hosting company performs backups. In case your website gets hacked, you want your data safe at least till 2-3 days back. Ask the company about their disaster recovery plan too- if there is a fire, earthquake, flood or any other natural disaster-what’s their backup plan?

Scalability
You business may be small right now thus making you go for shared hosting, but you might need VPS hosting soon once your business grows. Make sure that the hosting company allows an ease of upgrade to a different plan.

That said, also stay few feet away from companies who push to sell you more services than you need in order to mint some easy cash. As I said in the first step, know exactly what your needs are.

Hidden Fees
Is there a limit on the number of FTP accounts and MySQL databases or the number of files that can be stored? How many email accounts are allowed with each plan, and what is the amount of email storage? How many add-on and sub-domains does the Web hosting company provide — and are they free? If not, how much does it cost to add a domain or sub-domain? Are features like backup, shopping cart and other ecommerce applications like SSL certification, merchant accounts and PCI compliance included in the Web hosting plan or will they be charged extra?

Don’t be shy on asking these questions. I’m sure you don’t want an additional surprise bill at the end of the month.

Wrapping things up!
In addition to the points listed above, always check the reputation of your provider online. As I said, be prepared for a wide range of opinions and weigh them on basis of your need. There are plenty of quality web hosting forums who allow only genuine reviews to be submitted and who is in a better position to comment on the quality of a web host’s services than people who’ve had first-hand experience of working with them?

Categories
Articles Domain Technology Web Security

Understanding Types of SSL Certificates, Their Validation Process and Points to Consider Before Buying Them

When someone purchases anything over the internet and pays through online banking or via other payment options like PayPal, 2checkout, etc., his/her personal information is transmitted, which if not encrypted, is at particularly high risk. The SSL (Secure Sockets Layer) protocol secures the transmission of information between a domain name and the visitors. This means that the account information entered by an individual while shopping online should safely arrive on the server of the shop owner without any third party gaining unauthorized access to it.

Also, many of you would’ve noticed a sudden increase in the number of online attacks happening over the web recently. There are numerous types of attacks like phishing, spamming, eavesdropping etc. than can jeopardize your website, causing an irreversible damage to your online reputation. SSL Certificates not only provide a security shield against such attacks, but also help create an aura of trust and a sense of security in your customers’ mind that you’re a credible organization validated by a proper certification authority and that it’s safe for them to share their data with you. The video below will help you get a detailed idea of how an SSL certificate works, and will likely solve most of your queries:

However, a blind trust in SSL Certificates can be dangerous. A website that displays an SSL certificate should be reliable and recognized by an authorized certificate authority.

Self-Signed SSL does not provide complete protection
There are many self-signed SSL encrypted websites out there that aren’t safe for secure transmission of your sensitive data. A Self-Signed Certificate is less trustworthy because it is signed by an individual and not by a trusted authority.

  • Such certificates have nothing to do with the identity of the person or organization that actually performed the signing procedure.
  • Self-Signed certificates aren’t trusted by other applications/operating systems. This may lead to authentications errors when a visitor lands on a website.
  • They use low hash and cipher technologies. Due to this, the security level implemented by self-signed certificates may not satisfy the current Security Policy etc.
Self Signed Certificate disadvantage
A likely occurrence if you use a Self-Signed Certificate

So, when you buy an SSL certificate for your e-commerce business, always pay attention to two main points:

  • SSL certificates provider – When you decide to purchase SSL certificate for your ecommerce business, you should check the review of certificate provider and examine which company is serious about the security of your data. Also, check some other criteria like whether the IT processes with in the company are ISO 27001 certified or not.
  • Choose right product – Always remember, expensive ? quality. There are various types of SSL certificates available in the competitive market, and not every one of them is right for you. So evaluate your business requirements properly and then so come to a decision as to which certificate can fulfill them best . There are many SSL wizards out there that can help you with this.

Once you’ve bought an SSL Certificate from a reputed organization, take care of two things:

  • When your certificate is going to expire, your SSL provider will send you a notice for its renewal. You should not be careless about such warnings. Visitors tend to move away from websites having expired security certificates. While renewing your certificate your email address or web address should be the same as you had while applying for the SSL certificate. A continuous ignoring of such warnings can have a negative impact on your business in long time.
  • Buying an SSL certificate is not enough. You must take proper steps to ensure proper implementation of the SSL protocol on your website. Have a look the common errors people do while installing SSL Certificates on their website.

Differences in certificates validation:

There are different processes for examining the authenticity of a website owner’s identity; some authorities do verification via telephone, while some examine the documents of an organization. Without checking or examining the identity, a certificate cannot be issued. Different types are SSL certificates have different validation processes:

Different types of SSL Certificate validation
Different types of SSL Certificate validation
  • Domain validation certificates: For domain validation, the certification body only checks whether the applicant is the owner of the domain. A message is sent to the administrative e-mail address of a domain, and it must be acknowledged to confirm ownership. The risk of deception for these certificates are relatively high.
  • Organization Validation certificates: In these cases, additional corporate data, like name and full address of the organization etc. are thoroughly checked.

Wrapping Things Up
As I had mentioned in one of my previous articles, SSL is a powerful tool for protecting not only your user’s data, but also their confidence in you. It’s the first thing a user will look for when deciding whether or not to trust a site, but it doesn’t cover all the security issues. It’s just one aspect of a greater effort. SSL protects data during one specific period of time, but that time isn’t the only window of opportunity that an attacker has to strike. Proper installation must be done to ensure that when you employ SSL you don’t render it redundant by neglecting to examine your systems for weaknesses in other key areas. It should never be assumed that a system is secure. A system should be proven to be secure by pro-actively seeking out weaknesses and eliminating them.

Categories
Articles Cloud News Technology Web Hosting Website Development Wordpress

Five Critical Ways for SMBs to Avoid IT Downtime and Maximize IT Infrastructure Reliability

With more Small and Medium Businesses (SMBs) online than ever before, maintaining a reliable IT infrastructure is critical. When a small business’ website suffers performance problems and outages, the company risks the possibility of lost income and sales, customer dissatisfaction, security risks and breaches. In today’s world of nonstop online consumer interaction, it is essential that SMBs have a plan in place to ensure website and IT infrastructure accuracy and consistency.

Most SMB owners are not IT experts and are almost entirely focused on their own products and services. In that tunnel vision, they may not fully understand the essential IT web services that are required to keep the online part of their business up and running. For the longest time, IT infrastructure monitoring was just for big businesses. In today’s increasingly complex tech landscape, now almost everyone needs it because mostly every business (even the smallest) relies on an always-on online presence. The consequences of businesses being offline are staggering. According to recent data, in 2012 alone there was $237 million in turnover attributed to downtime, which can cost upwards of $1 million a day or as much as $40,000 in one hour of downtime for businesses.

The experts at Anturis Inc., a vanguard IT solutions company, have come up with five critical ways for SMBs to avoid downtime and maximize IT infrastructure reliability. By keeping these tips in mind and ensuring they have the proper IT monitoring solution in place, SMBs can minimize losses and maintain a strong, secure and reliable online presence:

Tip #1: Monitor Transactions, Not Just Website Homepages
The monitoring of a website means that the main page (homepage) will be opened periodically. If the page doesn’t open or an error occurs, the system administrator will be notified. However, monitoring the homepage (or even several pages) is not enough to ensure customer satisfaction. Today’s online platforms usually include one or more Web applications, and what you see on the next page often depends on what you do on previous pages.

For example, in a typical E-Store, a customer checks the product catalog first, then selects the product they want to purchase, adds it to a shopping cart and proceeds to a payment page. They can then view the total price on the final page. This multi-step transaction touches many different subsystems of a website behind the scenes. Running a transaction involves not only the web server, but also a database (to fetch the catalog), shopping cart module, payment gateway and other functions. To ensure everything is running successfully there has to be constant monitoring, with regular testing of transaction speed and completion to ensure that a customer receives the product and service properly and in a timely manner.

Tip #2: Check The Hard Drive Disk For Space Availability
Even though there can be multiple reasons why a website fails, there are a few things that commonly happen. One such issue is the lack of disk space. This is very dangerous, as it can lead not only to stopping the website service, but also to data corruption that can be hard to fix quickly. Databases grow in size with time, and so do email archives and log files. This all requires more and more gigabytes to function properly. Monitoring free space on the hard disk drive, and adding to it regularly, is essential.

Tip #3: Check How The CPU Load Changes In Time
According to statistics, 25% of users will leave a website if it doesn’t open within three seconds. Lack of processing power can significantly reduce the level of service and overall feel and functionality of a businesses’ website.

CPU loads vary all the time. If it’s 100% for some time, it doesn’t necessarily mean that the system is overloaded. It is important to view and monitor the average data over a day, week, month and year. If the CPU load increases from week to week, the system administrator can determine when the system should be upgraded. It’s also useful to periodically analyze the leaps of the CPU load. If there are large leaps, it could mean that there is a process that overloads the CPU from time to time, or perhaps the CPU is being impacted by malware. During this time, the quality of service is reduced. Identifying these processes and causes helps to ensure that a business is using its CPU capability more efficiently.

Tip #4: Monitor Your Service From Multiple Locations
Internet providers, datacenters and sometimes even entire regions can suffer from temporary Internet connection degradation. If you monitor the availability of your website from a single location you will be notified not only about problems with your server, but also problems with the connection between the monitoring location and your server. Monitoring, and more importantly automatic monitoring, from several locations ensures that you will not receive notifications caused by connection problems. If a check fails from one location but unavailability is not confirmed with failures from other locations, this points to a network problem rather than Web server problem. An often overlooked issue, this tip may save significant time diagnosing issues caused by false positives.

Tip #5: Monitor Your Website Host
It’s possible that the hosting provider is the cause of a website being down and unavailable. This doesn’t necessarily mean a full outage of your server, but perhaps a noticeable performance degradation that will adversely affect visitors. Typical causes of performance issues on a host’s side are poor isolation of virtual servers, computing resource over-utilization and inaccurate configuration changes.

If an SMB experiences problems with their website host, they can ask for a monetary refund or consider moving to a different host. If you have high traffic to your website, you can also consider redundant configuration.

In the end, IT infrastructure monitoring is now a must for most every business. Downtime costs opportunity, customers and money. While there are certainly more guidelines to avoiding downtime, the above highlight the critical tips for SMBs to save lost time, lost revenue and strive towards the ultimate goal of 100% availability.

About Anturis Inc.
A vanguard IT solutions company, Anturis Inc. is the developer of IT infrastructure monitoring and troubleshooting solutions for small to medium sized businesses. Anturis, now available in beta, delivers organizations of all kinds a 24×7 comprehensive monitoring and troubleshooting service that is both feature rich and easy to set up and use. Anturis, Inc. was founded by successful IT entrepreneurs Serguei Beloussov, Max Tsypliaev and Ilya Zubarev. For more information, or to start using Anturis now, visit www.anturis.com.

Categories
Articles News Technology Web Security Website Development

Importance of Website Security and Gaining Customer Trust through SSL Certificates

If there’s one major invention that can serve as a hallmark of technological innovation in the 21st century, it has to be the Internet. An absolute necessity, it’s a major part of day-to- day life of more than 73% of the adults today. And why not? It makes their life easier and more fluid. Working, shopping,banking, pursuing personal interests, healthcare, guidance, entertainment- you name it, any and everything can be done online today.

But, as the number of ways in which internet makes life easier are increasing day by day, so are online scams and frauds . There are various malicious individuals, who go through great pains for snooping your website to find weak areas or ‘loop holes’ which they can use to gain access to it. Once they gain access to your website, it’s not only you who is affected; your website users/visitors who have their personal information like contacts, bank details, passwords stored with you also become an unwilling victim of this cyber-crime.

And here’s the thing, customers these days are tech-savvy and they’re well aware of the potential security risks of visiting a website that doesn’t look safe. To share their data with you, or to do business with you, they need assurance that you’ve all proper security systems in place to ensure the safety of their data. So if you haven’t taken proper steps till now to put forth your website as reliable and trustworthy, now is the time to change your game plan.

Importance of website security

Your website, if not protected could be vulnerable to some serious threats like-

  • Mal-ware attack: – Mal-ware attacks include attacks from several viruses (Trojan horses, root kits & worms). Once your website gets attacked by a malware, it gets blacklisted. A user, thus, on visiting your website will get a warning from his/her website that your website isn’t the best place to hang around and just like that, you’ve lost a potential customer.
  • Phishing of websites: – In phishing, you may receive an e-mail or message that looks safe because it is in the name of the an established company or service provider. But when you click on it, you lose all your sensitive data such as credit card details, social security numbers, contact details, passwords and so on.
  • Virus attacks: – In addition to securing your website from cyber-crimes, you should also secure your website against virus attacks by installing proper antivirus in your system. Sources of virus could be e-mails, other websites or your device (PC/laptop).
  • Spying or sniffing of the data: – Sniffing can be defined as an act of tracking the network traffic for data such as configuration information and passwords.
  • Hijacking of session: – With the development of new plug-ins like “Fire-sheep”, hijacking of a session has become ridiculously easy. Fire-sheep finds unsecured Wi-Fi connections over the network and steals unsecured cookies. As soon as anyone visits an insecure website, they become visible to the Fire-sheep and their accounts are hijacked.

Customers and website securityA nicely designed website with desired and multiple payment options is thus not enough for an e-commerce business. According to an estimation, 54% of people avoid visiting sites which are not properly secured. So in this day and age when even a slightest hint of unsafety can put users off your website, how do you tell them that your website is secure and reliable, and they can share their information with you without any safety concerns?

Installing an SSL certificate can be a good start, because what’s better than the user’s browser himself telling that this website has been thoroughly tested and authenticated by a trusted security provider and your online transactions, emails and passwords, will be safe here?

SSL Certificates and Online Security
Secure Socket Layer, widely known as SSL is a security protocol similar to that of HTTPS. It acts as a digital passport, and checks whether transmission of data over a network is secure or not by verifying the identity of both, the client as well as the server. After the said check, an SSL certificate provides your website a particular site seal, which shows that the visitors that your it is secured and it is safe to do business with you.

In order to secure your website with SSL protocol, you need to purchase proper SSL certificate products. SSL certificates are digital certificates that are accredited by CA. Certificate authority (CA) is the main authorized center that issues SSL and other digital certificates.

Please note that it is very important that you choose the right SSL certificate for your business, as there are hundreds of options available, and every business has its own unique requirement. Consult your technical staff or website hosting providers or authorized SSL certificate providers like Cheap SSL Shop – www.cheapsslshop.com, who can suggest you an SSL certificate that is perfect for your business and provide it at a nominal and highly-discounted price.

Categories
Articles News Technology Web Security Wordpress

Understanding Real Threat of the Largest WordPress attack in history and Combating it

An unusually powerful online attack, using more than 90,000 IP addresses , is currently ongoing against WordPress blogs with weak admin credentials. Targeted at vulnerable WordPress users who still use the default “admin” username, this brute force dictionary-based password-guessing attack is trying thousands of passwords to crack their administrative credentials .

Now password-guessing attacks of this sort happen all the time, right? What’s all the fuss about? Analysts are speculating that this attempt is just a warm up for a much wider and larger attack that is to come. How? The avalanche effect.

Sites which are broken into (and thousands have been), will be seeded with a backdoor which will give access to the attackers to control the site remotely. These sites will then be used just like 90,000 IP addresses mentioned above and conscripted into the attacking server botnet, thus forced to launch password-guessing attacks against other sites running WordPress.

So the attacker who as of now seems to be using a weak botnet/network of home PCs, which are connected to the Internet with a mere 10 megabit or 20 megabit line, will soon have a much larger botnet of huge servers having essentially unlimited Internet bandwidth and large network connections , thereby capable of generating a huge amount of traffic on an unprecedented scale that might affect the entire internet infrastructure and slow it down on a global level. Scary, right?

ddos attack explainedIf you haven’t locked down your website properly, now is the time to spur to action because chances are it could be hijacked by cybercriminals for their own purposes, without you even knowing.

Maintain strong passwords: Let’s kick off the list with the easiest step you can implement immediately. Use strong passwords including upper/lower keys, numbers and symbols.

Rename the administrative account: Create a new user with administrator rights and delete “admin”-the default administrator of WordPress powered sites.

Install a login limiter for WordPress: A login limiter can essentially block the IP address which tries and fails to send login requests above a threshold rate. For example, three consecutive failed login attempts can be backed up with a penalty timeout of 1 hour and an e-mail notification to the website owner about the same. Two WordPress plugins which let you enforce a login limiter are Limit Login Attempts and Better WP Security.

Enable Two factor Authentication: Two Step Authentication for WordPress.com accounts was released just a week back and we strongly recommend that you deploy it.

Keep up to date with the latest version of WordPress: WordPress team creates patches to help fix security holes at frequent intervals. Keep a tab on them and also new versions of plugins and themes.

If you implement these five basic and essential steps, you’ll be just fine. However, if you want a properly secured WordPress website which virtually no one can break into, you might want to go through this detailed guide on WordPress Security: The Problem, The Solution, And Remedies.

Categories
Articles News Technology Web Security Web Security

Technical Features and Advantages of Secure Site Pro with EV SSL

As evident by the name, Secure Site Pro with EV SSL is one of the most advanced level of SSL security certificates. Because of the extensively rigorous levels of authentication process one has to go though to obtain it, a Secure Sire Pro with SSL certificate allows you to loudly and clearly state the legitimacy of your organization even to those who don’t understand web security.

Nothing can be clearer that your browser approves of a site than the color green. This certification also allows you to present a dynamic trust seal on your site, presents your official business name in the address bar, and allows you to advertise to your customers that you are using the highest level encryption and business validation. This comforts web users, consciously and subconsciously, that not only they are secure with their confidential information while transmitting online, but they also can relax knowing they are dealing with an established and accredited online business platform.assures the visitors that the site they are visiting has been thoroughly tested and is genuine.

Why is Secure Site Pro with EV SSL considered the most advanced level of SSLs?
Because a Secure Site Pro with EV SSL Certificate uses Server Gated Cryptography (SGC) to ensure a very strong level of encryption to all site visitors, including those with nonstandard or older Operating Systems and browsers. In fact, some of the nonstandard and older browsers and operating systems will not even connect at the strongest encryption level without Server Gated Cryptography SSL encryption in place. In addition to this, a Secure Site Pro with EV SSL comes with a Vulnerability Assessment Tool.

What is a Vulnerability Assessment Tool?
For this, let’s understand what ‘Website Vulnerability’ means first. Website Vulnerabilities are potentially exploitable weaknesses in a website that can compromise it’s security. Vulnerabilities hence are probable entry points through which a Web site’s functionality or data can be damaged, compromised or manipulated. A typical Web site /blog may have anywhere from hundreds to thousands of potential vulnerabilities.

A Vulnerability Assessment Tool thus helps you quickly identify and take action against the most exploitable weaknesses on your customers’ Web site. Some of it’s features are:

  • An automatic weekly scan for vulnerabilities on public-facing Web pages, Web-based applications, server software, and network ports.
  • An actionable report that identifies both critical vulnerabilities that should be investigated immediately and informational items that pose a lower risk.
  • An option to re-scan your customers’ Web site to help confirm that vulnerabilities have been fixed.

What are major advantages of Secure Site Pro with EV SSL?
1]
As already mentioned, online shoppers recognize the green address bar as a reliable way to verify a site’s identity and security. And only SSL certificates with Extended Validation trigger web browsers to display your organization’s name in a green address bar. So if you own a e-Commerce based website, online shoppers are more likely to enter their credit card and/or other confidential financial information into your website if you’ve a SSL EV green bar.Secure Site Pro with EV SSL Green bar

2] Secure Site Pro with EV SSL comes with a Norton Secured Seal, which is the most trusted mark on the Internet, and is viewed more than half a billion times per day on websites in 170 countries. Symantec’s Seal-in-Search helps you maximize click-through and conversions by displaying the Norton Secured Seal next to your link on browsers enabled with a free plug-in as well as on partner shopping sites and product review pages so that customers know that your website is verified.

Norton Secured Seal
Norton Secured Seal Displayed in Search Results

3] Vulnerability assessment and daily website malware scanning helps protect your site from hackers.

4] Secure Site Pro provides complete business authentication. It verifies the existence of your business, the ownership of your domain name, and your authority to apply for the certificate. This, again, provides high assurance to your website visitors.

5] Multiple level of encryption, which includes maximum strength 256 bit and minimum strength 128 bit.

6] Full compatibility with all mobile devices and latest and oldest web browsers including

  • Firefox 1+, 2+, 3+
  • IE 5+, 6+, 7+, 8+
  • Netscape 4+
  • Opera 7+
  • AOL 5+
  • Safari

7] Comes with $1,500,000 warranty. in case your visitor incur losses resulting directly from an online credit card transaction as a result of a mis-issued Secure Site Pro with EV Certificate.

Advantages of Secure Site Pro with EV SSL

Final Verdict: Secure Site Pro with EV is one of the most advanced, trusted and secure SSL certificate with features second to none. It protects website users and their confidential information over the internet. Using it, you can be assured of an increase in sales level and improvement of brand reputation along with enhanced security of your online business platform globally.

Categories
Articles News Technology Website Development Wordpress

How to Increase Speed of Your Website by Content Optimization and CDN

There are many ways to improve the performance of a Web site and the strategies that optimize this performance can be organized into three types.

The first category concerns support hardware. It is obvious that improving the performance of the machine (physical or virtual) that is hosting the web site or an application can also significantly reduce the loading time of web pages. However, only large companies with direct access to the front-end machines, whether they’re placed in-house or at a colocation hosting provider, can hope to optimize the website performance by working on the support hardware. Small and medium size companies usually rely on a web hosting provider, so it is not always possible for them to choose the hardware that is right for them. They can, however, improve upon the technical features of their web hosting plan: number of processors, server RAM, bandwidth, etc.

The second category concerns the optimization of the server side scripting. Most Web applications use some sort of programming language to create dynamic web pages, with some examples being PHP, ASP, JSP etc. Once you choose the programming paradigm, the speed of the site will depend heavily on the quality of the software. Two websites using the same scripting language and a web host with same technical characteristics can significantly differ in their performance due to the architectural choices of the software. Put simply, with regard to the optimization of server side scripting, there are two factors that matter most:

  • Choice of the platform.
  • Skills of the development team that produces the software.

The third category concerns the material displayed on the front end like pictures, animations, content, and even the client side scripting languages.

It is extremely important to understand the difference between the quality of software server side and the client side. A Web page can be optimized from a server side, for example,by writing PHP code with an eye towards performance. An optimization of this kind results in an improved execution speed at the server side. On the contrary, optimization at the client side needs well-written JavaScript code execution.

Let’s see an example: Consider a Web page that weights 5KB on the server, written in PHP. If the code is well written, page could produce the markup sent to the client in a matter of milliseconds. If poorly written, it could take seconds to accomplish the same task .

Now let’s look at the issue from the client side. The HTML page produced at the client side contains images, content and JavaScript code. Let us assume that this page weighs 20KB. Now this 20 KB size may have a 90% contribution by images and 10% by the textual content or a 50-50% contribution by both. However, there is also a possibility that most of its contribution comes from the JavaScript code.

Now this Javascript code must have been written extremely well and would have run very fast in the browser; but the very fact that it weighs a solid 20KB will still increase the page loading time drastically. Lesson? When optimizing the performance of the client side, always give more importance to reducing weight of the code than the speed of its execution. Obviously, both the factors are partly related and not mutually exclusive, but must be measured and evaluated independently for the best results.

Now, out of the three categories mentioned above, which one can you handle most effectively? The answer most likely, is the third one; simply because:

  • As discussed earlier, most of us don’t have full control over the hardware,
  • And server side programming, while very crucial, is also not under full control of the person who initiates activity on the Web. For example, if we use a CMS to create a web site, then we do not hold cards on the table and cannot expect to change website performance considerably. We can only use the most recent versions of CMS and hope that they are faster than the previous ones.

So let’s discuss what we can control- the contents exposed at the front-end i.e images, textual content, JavaScript libraries etc.

Reducing Website Loading Speed by Content Optimization
All modern browsers are equipped with tools that allow you to measure the loading time of each element on the page. For example, if you use Firefox, you can install the plugin Firebug. If you use Internet Explorer, you have an analysis tool built into the browser called ‘development tools’. If you use Chrome, you have an integrated tool which you can activate by this path: Customize menu – Tools – Tools for Developers. When you open a page on our site with one of these tools of analysis, you can get very useful information on the performance of the page.Let’s consider performance analysis using Firefox’s plugin Firebug.

In the figure above you can see the detailed information about each component- its size in KB, load time in milliseconds etc. Now you can identify the heavier elements and ask yourselves if you really want to keep them on the page. If they are extremely essential, are there any alternative solutions? (see for example the use of the CDN, discussed below)

Reducing Website Loading Speed by using Content Delivery Network (CDN)
The abbreviation CDN stands for Content Delivery Network and is the hosting service of libraries and resources distributed across a network. Many developers use this system to load the JavaScript libraries from a remote server in order to conserve the bandwidth on your host. Let’s understand how it works using a concrete example, considering the jQuery library.

When we load jQuery on our website we can specify a script tag to point to the jQuery site, such as in the lib directory. This means that every time a new user comes to the site, he will have to download the library, thereby hogging bandwidth and employing a certain time. However, if the script tag was referring to the URL of a CDN, then the library would be offloaded from the host associated with that URL. And CDN services consist of a network of servers that offer the same content. This means that the user will download the library using the bandwidth of the closest available server to his geographic location, thereby significantly reducing the page load time.

Most of the companies use CDN as a personal service to distribute their content on the Web. The primary advantage of this is that even if a company has its dedicated server located in India, even those who connect from UK will be able to load its website quickly, because it will automatically download all the content from the nearest CDN server.

Modus-operandi of CDNs

Reducing Website Loading Speed by Optimizing the Size Of The Images
The most used formats of images on the web are probably JPEG, GIF and PNG. Depending on the type of image you can optimize performance by choosing the right size. To understand what is the best format for a certain image, we have to analyze the type of image.

  • If the image contains many colors, spread in a phased manner, with detailed nuances (such as a photograph), you can decrease its size by saving it in JPEG format.
  • If the image is simpler, i.e. made up of bars, charts, graphs or symbols with a few well-defined colors and no gradients, then should use PNG format.

In case of doubt you can do a simple test: save the image in both formats and compare the size, keeping an eye on the quality of the result. If the quality remains almost unchanged to the naked eye, but the size is greatly reduced, probably you should use the lightweight format, i.e. JPEG. If the dimensions are similar, or if the quality of the compressed format is insufficient, then you should choose the richer format (PNG or GIF).

In the next part of this article, I’ll discuss in detail about optimizing content published on the front end.

Was this guide helpful? Have I missed something? Please share in the comments section below.

Categories
Articles Legal Technology Web Security

How to Install an SSL Certificate on Internet Information Services (IIS) – 9 Easy Steps Tutorial

Installing an SSL Certificate on IIS (Internet Information Services) is not a daunting task for those who aren’t technically sound or have a detailed idea about it. This tutorial will guide you through the complete process of SSL certificate installation on different versions of IIS.

SSL Overview

Secure Socket Layer (SSL) Certificates secure the customer’s information worldwide through state-of-the-art encryption methods. At the time of writing this article, there are an almost infinite number of websites using different types of SSL Certificates from a variety of brands in order to protect their customer’s privacy. SSL Certificates are specifically used to encrypt customer information as it travels between a browser and web server. Through SSL Certificates websites gain the genuine trust of their customers as they are assured that their data will be secured. While the purpose of SSL Certificates ultimately remains the same there are some minor differences in the installation process often between the different types of servers and SSL Certificates out there. Prior to installation it’s of the utmost importance that one meets the server requirement (have a server available and know what kind) as well as have a dedicated IP address.

The following are 9 Essential Steps to Install an SSL Certificates on an IISx:

Step 1:

When installing an SSL Certificate the first step is to generate the Certificate Signing Request (CSR) through your Internet Information Services (IIS) Manager. After generating the CSR you must then submit it to a Certificate Authority (CA). The site administrator may be able to obtain the certificate directly; otherwise they must contact the web host to gain access to the certificate. Once the CSR File is created and obtained, the file containing the certificate must be opened then saved to the proper server under the new name “Your Web Site.csr”. This file is an encrypted document that contains the information related to the SSL Certificate.

Step 2:

Select the “Start >> Administrator Tools >> Internet Information Service (IIS) Manager” and then simply proceed to left-click on the server’s name.
How to install SSL Certificate on IIS

Step 3:

After you have completed all the steps above find the “security” section from the server’s menu. Select the “server certificates” menu button. Left-click on the “complete certificate request” menu option, which then launches the Certificate Wizard. Continue to install the certificate, and don’t worry if it at all sounds complicated since the wizard performs the majority of the work. When prompted, select the .cer file saved to the server during “Step 1” and enter the requested name that refers to the certificate located on the server.Guide for SSL Certificate Installation on IIS 7 Web Server

Step 4:

Click the “OK” button to complete the request. This point of the installation is complete and the certificate is successfully installed. After installation of certificate on the server, assign Certificate to the appropriate website using IIS.Assigning SSL Certificate to the appropriate website using IIS

Step 5:

To Assign the certificate to the appropriate website:

Select “IIS >> Connections”, select the name of the server to which the certificate was installed and under “Sites”, select the site to be secured with SSL.

Step 6:

Right click on “Bindings” from the “Actions” menu.
How to SSL Certificate on IIS – 9 Easy Steps
Step 7:

In “Site Binding” click on “Add”, this will open the “Add Web Site Binding” window.

SSL Certificate Installation on IIS 7 Web Server

Step 8:

Select https under “Type”. The IP Address should be the IP address of the website, or it should be default as “All unassigned”. The port is usually 443, by which traffic will be secured by SSL.
SSL installation guide

Step 9:

Click “Ok”, and you must restart the IIS to complete this operation.
SSL Certificate Installation on IIS 7 Web Server
Now that the installation of the SSL Certificate has been completed your website is completely ready to provide encrypted security to your virtual customers.

Was this guide helpful? Have I missed something? Please share in the comments section below.

Categories
Articles Legal News Technology Web Security Web Security

Frequently Asked Questions about EV SSL Certificates answered by RapidSSLonline

RapidSSLonline, an SSL security specialist, addresses some valuable questions and answers, which according to them are most frequently asked on the web.

What is an EV SSL Certificate Security?
EV SSL or Extended Validation SSL certificate is one of the most toughest and trusted SSL certificates, which is especially produced to protect wide level e-Business web servers and their users’ information, while it is being transferred between web browsers and servers.

What type of validation does an EV SSL certificate contain?
An EV SSL certificate issued  to any web organization contains complete Domain and Business Authentication details.

What are some major advantages Extended Validation SSL certificate has when compared to a Standard SSL?
One of the greatest advantages of obtaining an EV SSL certificate is getting the green address bar status, which immediately alerts consumers that the site they are visiting offers the highest level of security.

Extended validation certificates offer online businesses the highest level of encryption, generally between 128-256 bit encryption. This ensures that all data transmissions are encrypted to the maximum, with virtually no chance of sensitive information falling into the hands of a third party.

What is a Legal Opinion Letter of EV Certificate?
It is a professional opinion letter from Certified or Licensed Attorney for Extended Validation SSL certificate issuance. All major Certificate Authorities such as Symantec, GeoTrust, and Thawte require Legal Opinion Letter before EV issuance to any organization.

What encryption level does EV SSL contain?
EV has the toughest protection encryption such as 256 bit with 2048 bit CSR key generation.

How much time is needed for issuance of an EV SSL certificate?
It needs 10 to 15 business days for issuance of an EV SSL certificate.

What all web browsers are compatible with an Extended Validation SSL Certificate?
Here is the list of web browsers, which are the most compatible to EV cert.

  • Firefox 1+, 2+, 3+
  • IE 5+, 6+, 7+, 8+
  • Netscape 4+
  • Opera 7+
  • AOL 5+
  • Safari

How much warranty amount does an  EV SSL certificate contain?
An EV SSL certificate contains  a minimum of $500,000 and maximum of $1,500,000 warranty.

Does EV security support mobile devices?
Yes it does! Secure site pro with EV security from Symantec supports mobile devices, which is also the toughest security solution on the web.

What is the difference between EV SSL and WildCard SSL?
EV SSL certificate is a complete domain authentication which protects single qualified domain only on a single server and IP, whereas  WildCard SSL is domain authenticated security, which protects sub domains and as well as main domains on single server and IP.

Page 20 of 21
1 18 19 20 21